[krbdev.mit.edu #5393] krb5-1.6: tcp kpasswd service required if only admin_server is specified in krb5.conf
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Thu Jan 18 07:55:23 EST 2007
Public Submitter via RT wrote:
>> This parameter is not used when searching the krb5.conf file.
>
> Well, it is used. Here is the line how it is called:
>
> changepw.c:krb5_locate_kpasswd
> => locate_kdc.c:krb5int_locate_server(..., socktype stream, ...)
> => locate_kdc.c:prof_locate_server(..., socktype stream, ...)
> => locate_kdc.c:krb5_locate_srv_conf_1(..., socktype stream, ...)
> => locate_kdc.c:[krb5int_]add_host_to_list(..., socktype
> stream, ...)
> {
> hint.ai_socktype = socktype;
> }
>
> I can say: When I specify only kdc and admin_server in krb5.conf (no
> DNS) this code tries to open a tcp connection to kpasswd service port
> 464. But kadmind does not open such a port. It has only a udp port
> open.
I suspect that the patch that you are looking for is this. Please confirm
that it addresses your issue and I will commit it.
Index: changepw.c
===================================================================
--- changepw.c (revision 19063)
+++ changepw.c (working copy)
@@ -70,12 +70,14 @@
locate_service_kadmin,
SOCK_STREAM, 0);
if (!code) {
/* Success with admin_server but now we need to change the
- port number to use DEFAULT_KPASSWD_PORT. */
+ port number to use DEFAULT_KPASSWD_PORT and the socktype. */
int i;
for (i=0; i<addrlist->naddrs; i++) {
struct addrinfo *a = addrlist->addrs[i].ai;
if (a->ai_family == AF_INET)
sa2sin (a->ai_addr)->sin_port =
htons(DEFAULT_KPASSWD_PORT);
+ if (sockType != SOCK_STREAM)
+ a->ai_socktype == sockType;
}
}
}
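Review bot: the added statement `a->ai_socktype == sockType;` inside the for loop is a comparison, not an assignment, so its result is discarded and `ai_socktype` keeps the SOCK_STREAM value from the `locate_service_kadmin` lookup above. As written the patch does not change the tcp-only behaviour reported in the ticket; it should read `a->ai_socktype = sockType;`. Separately, the port rewrite in the same loop only handles `AF_INET`, so any non-IPv4 entries in `addrlist` keep the admin_server port while (once the assignment is fixed) still getting the new socktype; handle the other address families in the same loop or skip those entries so that port and socktype stay consistent.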